Vulnerabilities > Jetbrains

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-05	CVE-2022-28648	Cross-site Scripting vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered network jetbrains CWE-79	3.5
2022-04-05	CVE-2022-28649	Improper Restriction of Rendered UI Layers or Frames vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description network jetbrains CWE-1021	3.5
2022-04-05	CVE-2022-28650	Cross-site Scripting vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI network jetbrains CWE-79	3.5
2022-04-05	CVE-2022-28651	Insufficiently Protected Credentials vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields local low complexity jetbrains CWE-522	2.1
2022-02-25	CVE-2022-24442	Code Injection vulnerability in Jetbrains Youtrack JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. network low complexity jetbrains CWE-94 critical	9.8
2022-02-25	CVE-2022-25259	Cross-site Scripting vulnerability in Jetbrains HUB JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. network jetbrains CWE-79	4.3
2022-02-25	CVE-2022-25260	Server-Side Request Forgery (SSRF) vulnerability in Jetbrains HUB JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). network low complexity jetbrains CWE-918	6.4
2022-02-25	CVE-2022-25261	Cross-site Scripting vulnerability in Jetbrains Teamcity JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. network jetbrains CWE-79	4.3
2022-02-25	CVE-2022-25262	Insufficient Verification of Data Authenticity vulnerability in Jetbrains HUB In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. network low complexity jetbrains CWE-345 critical	9.8
2022-02-25	CVE-2022-25263	OS Command Injection vulnerability in Jetbrains Teamcity JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. network low complexity jetbrains CWE-78	7.5

Vulnerabilities > Jetbrains {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jetbrains"}]}

Vulnerabilities > Jetbrains